Organization of this Book


Every chapter in this book focuses on a particular area of incident response. The chapter breakdown is as follows:

  • Chapter 1, "An Introduction to Incident Response," covers issues such as what incident response is, why it is needed, and the kinds of initial considerations that must be addressed.

  • Chapter 2, "Risk Analysis," covers the kinds of incidents that can occur, the types of damage that result, and the relationship between risk analysis and incident response efforts.

  • Chapter 3, "A Methodology for Incident Response," presents a classic six-stage methodology for incident handling: preparation, detection, containment, eradication, recovery, and follow-up. This chapter also presents the rationale for using this methodology as well as special considerations that apply to each stage.

  • Chapter 4, "How to Form and Manage an Incident Response Team," explains how to create and sustain an incident response effort.

  • Chapter 5, "Organizing for Incident Response," covers how to prepare for responding to incidents. The major focus is on dealing with the various parts of an organization and enlisting support from within as well as dealing with the press. It also presents suggestions for minimizing damage to an organization's reputation if an incident occurs.

  • Chapter 6, "Tracing Network Intrusions," describes intrusion-tracing techniques for networked systems and other related considerations, such as how to develop communication channels that enable those who are involved in incident response to obtain information about attacks that have occurred.

  • Chapter 7, "Legal Issues," deals with basic legal considerations that surround the incident response arena as well as their applicability. These include matters such as applicable legal statutes, considerations related to individual privacy, legal risks associated with responding to incidents, how to deal with the law enforcement community, and others.

  • Chapter 8, "Forensics I," covers locating evidence, determining the form of the evidence, using forensic triage, best practices, separating the collection of evidence from the analysis of it, forensic evidence handling and preservation and the rationale for each method and technique, the cost of forensic analysis versus the gain, using data forensics and evidence in court or disciplinary hearings, and other important issues.

  • Chapter 9, "Forensics II," continues where Chapter 8 leaves off. Chapter 9 covers the more technical, detailed aspects of computer forensics, including covert searches, advanced searches, how to deal with encrypted data, and special considerations with laptops, older systems, UNIX hosts, and Linux hosts.

  • Chapter 10, "The Human Side of Incident Response," (written by Dr. Terry Gudaitis, a criminologist who specializes in dealing with computer crime) deals with the human factor, including how to construct profiles on individuals' behavior and how to interview suspects when computer crimes have occurred.

  • Chapter 11, "Responding to Insider Attacks," covers topics such as types of insiders, types of attacks, special considerations that apply to insider attacks, how to work with human relations, legal and other functions to bring insider attack cases to suitable closure, and the relationship of insider investigations to disciplinary/court hearings.

  • Chapter 12, "Traps and Deceptive Measures," describes types of deceptive measures available, how to deploy them, cautions, and how to weigh costs versus benefit.

  • Chapter 13, "Future Directions in Incident Response," deals with what incident response of the future might be like and the probable implications for the incident response community.

  • Appendix A, "RFC-2196," contains the RFC that deals specifically with incident response considerations.

  • Appendix B, "Incident Response and Reporting Checklist," presents a sample form for reporting security-related incidents that occur.

We are confident that this book will be of great value to you as you deal with the challenge of responding to security-related incidents.



Incident Response: A Strategic Guide to Handling System and Network Security Breaches
ISBN: 1578702569
EAN: 2147483647
Year: 2002
Pages: 103
